Token can't be decoded: Illegal base64 character 5c

[marktani]

Happens when following https://www.prismagraphql.com/docs/tutorials/cluster-deployment/local-(docker)-meemaesh3k

at this step:

Now you are ready to use docker-compose to start your Prisma cluster:

docker-compose up -d

ERROR: Authentication token is invalid: Token can't be decoded: Illegal base64 character 5c
{
  "data": {
    "addProject": null
  },
  "errors": [
    {
      "locations": [
        {
          "line": 2,
          "column": 9
        }
      ],
      "path": [
        "addProject"
      ],
      "code": 3015,
      "message": "Authentication token is invalid: Token can't be decoded: Illegal base64 character 5c",
      "requestId": "cluster:cluster:xxxx"
    }
  ],
  "status": 200
}

[rohanray]

@marktani please any ETA for this

[moritzmorgenroth]

Any news on this? Due to regular prisma cluster downtimes, it would be nice to become idependent for alpha testing :)

[marktani]

Hey @moritzmorgenroth, please upgrade to the latest version of the Prisma CLI, we improved the infrastructure of the public clusters and you should see a big difference 🙂

@rohanray, we're still looking into this, but there's no concrete timeline.

[raeesaa]

@marktani I am getting similar issue following tutorial for Digital Ocean (Docker Machine) as well:

https://www.prismagraphql.com/docs/tutorials/cluster-deployment/digital-ocean-(docker-machine)-texoo9aemu

[moritzmorgenroth]

Hi, I am encountered an interesting issue upgrading: this is what happens when i install from scratch

bash-3.2$ npm uninstall -g prisma
removed 727 packages in 4.163s

bash-3.2$ npm install -g prisma 
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
/usr/local/bin/prisma -> /usr/local/lib/node_modules/prisma/dist/index.js

> fsevents@1.1.3 install /usr/local/lib/node_modules/prisma/node_modules/fsevents
> node install

[fsevents] Success: "/usr/local/lib/node_modules/prisma/node_modules/fsevents/lib/binding/Release/node-v59-darwin-x64/fse.node" is installed via remote
+ prisma@1.0.8
added 727 packages in 20.491s
bash-3.2$ prisma version
prisma/1.0.8 (darwin-x64) node-v9.4.0

So far so good, but when I run:

bash-3.2$ npm update -g
npm WARN deprecated prisma@1.1.1: Please use @rapid/prisma instead
+ prisma@1.1.1
removed 726 packages and updated 1 package in 4.196s

bash-3.2$ prisma version
bash: /usr/local/bin/prisma: No such file or directory

bash-3.2$ npm install -g prisma 
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
/usr/local/bin/prisma -> /usr/local/lib/node_modules/prisma/dist/index.js

> fsevents@1.1.3 install /usr/local/lib/node_modules/prisma/node_modules/fsevents
> node install

[fsevents] Success: "/usr/local/lib/node_modules/prisma/node_modules/fsevents/lib/binding/Release/node-v59-darwin-x64/fse.node" is installed via remote
+ prisma@1.0.8
added 726 packages and updated 1 package in 20.043s
bash-3.2$ prisma version
prisma/1.0.8 (darwin-x64) node-v9.4.0
bash-3.2$ 

Which I find very confusing. Have you renamed the prisma command in the 1.1.1 version? and why am i getting a different version through the update then through the install? @marktani Should I open another issue for this or am I misunderstanding somethings basic? To me, it looks like some kind of name collision on npm.

[nikhilkawtakwar]

@marktani I updated the prisma and tried to deploy on remote cluster. Now I am getting following error.

Could not generate token for local cluster devServer. error:0906D06C:PEM routines:PEM_read_bio:no start line

When I hit the depoly command I am getting following log on docker prisma container

{"@timestamp":"2018-01-25T09:40:07.211+00:00","@version":1,"message":"{\"key\":\"request/new\",\"requestId\":\"cluster:cluster:cjcub55ez000b0187vqskgo8j\"}","logger_name":"com.prisma.deploy.server.ClusterServer","thread_name":"single-server-akka.actor.default-dispatcher-19","level":"INFO","level_value":20000,"HOSTNAME":"3dcf3d9b16fc"}
{"@timestamp":"2018-01-25T09:40:07.228+00:00","@version":1,"message":"{\"key\":\"request/complete\",\"requestId\":\"cluster:cluster:cjcub55ez000b0187vqskgo8j\",\"payload\":\"Map(request_duration -> 16)\"}","logger_name":"com.prisma.deploy.server.ClusterServer","thread_name":"single-server-akka.actor.default-dispatcher-4","level":"INFO","level_value":20000,"HOSTNAME":"3dcf3d9b16fc"}

[rohanray]

@marktani I tried again today using updated prisma cli package.

when I'm trying to do a prisma deploy from my local machine, I'm able to see the docker-composed cluster which I select. Then I get the below error:

Added cluster: dock-comp-again to prisma.yml
Creating stage dev for service test-prisma-docker-compose !
 ▸    Cluster secret of cluster `dock-comp-again` saved in ~/.prisma/config.yml
 ▸    does not match with the actual cluster secret of that cluster. This means the key pair got out of sync.
 ▸    To reset the key pair, please run prisma local start

Am I missing something here?

[raeesaa]

I managed to deploy prisma on remote EC2 instance (running ubuntu). There were couple of changes I had to do while following steps defined in - Digital Ocean(Docker Machine) tutorial in order to get it to working:

1. Output of command cat public.pem | sed -n -e 'H;${x;s/\n/\\\\r\\\\n/g;p;}' prints public key as

   \\r\\n-----BEGIN PUBLIC KEY-----\\r\\n(long string)\\r\\n-----END PUBLIC KEY-----

   There is an issue in which string is escaped, key should not be prefixed with \\r\\n and also escape characters should be \r\n at all places.

   -----BEGIN PUBLIC KEY-----\r\n(long string)\r\n-----END PUBLIC KEY-----

   Same thing goes for private key as well.

2. Key copied in .env file is not being replaced properly docker-compose.yml file. Running docker-compose config shows public key in docker-compose as:

   CLUSTER_PUBLIC_KEY: '-----BEGIN PUBLIC KEY-----\r\nxxxxxxxxxxxxxxxxxxxxxxxxx\r\nnxxxxxxxxxxxxxxxxxxxxxxxxx\r\nnxxxxxxxxxxxxxxxxxxxxxxxxx\r\nnxxxxxxxxxxxxxxxxxxxxxxxxx\r\nxxxxxxxxxxxxxxxxxxxxxxxxx\r\nnxxxxxxxxxxxxxxxxxxxxxxxxx\r\nxxxxxx\r\n-----END
      PUBLIC KEY-----'
   

   when it should be as

    CLUSTER_PUBLIC_KEY: "-----BEGIN PUBLIC KEY-----\r\nxxxxxxxxxxxxxxxxxxxxxxxxx\r\
       \nxxxxxxxxxxxxxxxxxxxxxxxxx\r\nxxxxxxxxxxxxxxxxxxxxxxxxx\r\
       \nxxxxxxxxxxxxxxxxxxxxxxxxx\r\nxxxxxxxxxxxxxxxxxxxxxxxxx\r\
       \nxxxxxxxxxxxxxxxxxxxxxxxxx\r\nxxxxxxx\r\
       \n-----END PUBLIC KEY-----"
   

   Hard coding key directly in docker-compose file instead of picking it up from .env file works.

[maxdarque]

I also found if I used single quote marks for the key, I would the following error:

Could not generate token for local cluster example-cluster. error:0906D06C:PEM routines:PEM_read_bio:no start line

So I changed to double quotes (") in the ~/.prisma/config.yml and it works

[mzygmunt]

Some time has passed. Has anyone found a solution to the issue without hardcoding secret in docker-compose? Only this problem stopping my production deployment.

Or did someone configure the rancher service to work with keys in prisma?

[jjaybrown]

I'm also seeing this issue when deploying to Digital Ocean.

[joelseq]

I followed the @raeesaa 's advice and hardcoded the CLUSTER_PUBLIC_KEY into my docker-compose.yml file with " instead of '. I also replaced all instances of ${PORT} with the actual port number in my .env file since my docker-compose config was giving me bad output like SCHEMA_MANAGER_ENDPOINT: http://prisma-database:$$PORT/cluster/schema. This seemed to do the trick for me :)

[marktani]

@mzygmunt, did you try to follow @maxdarque's advice? Using " instead of ' in ~/.prisma/config.yml.

[mzygmunt]

@marktani

My test configuration on rancher instance:
docker-compose.yml

services:
  prisma:
    image: prismagraphql/prisma:1.5.2
    environment:
      PORT: '4466'
      SQL_CLIENT_HOST: [db_ip]
      SQL_CLIENT_PORT: '3306'
      SQL_CLIENT_USER: prisma_client
      SQL_CLIENT_PASSWORD:[pass]
      SQL_CLIENT_CONNECTION_LIMIT: '10'
      SQL_INTERNAL_HOST: [db_ip]
      SQL_INTERNAL_PORT: '3306'
      SQL_INTERNAL_USER: prisma_internal
      SQL_INTERNAL_PASSWORD:[pass]
      SQL_INTERNAL_DATABASE: graphcool
      SQL_INTERNAL_CONNECTION_LIMIT: '10'
      CLUSTER_ADDRESS: [cluster_address]
      JAVA_OPTS: -Xmx1G
      SQL_CLIENT_HOST_CLIENT1: [db_ip]
      SQL_CLIENT_HOST_READONLY_CLIENT1: [db_ip]
      SCHEMA_MANAGER_SECRET:[manager_key]
      SCHEMA_MANAGER_ENDPOINT: [cluster_address]k/cluster/schema
      CLUSTER_PUBLIC_KEY: '-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHcLAyDlACHeZfd4PqQK\r\nx4lRkf4jH7XC5WVHNgih8iZUe81gJk5glGODLrOcsJXymQAc3nNe24Qv5T4La6tU\r\nssV7uTELZPEf0dY3SOSG4sK+tgjg46SMrvSnQ6PC7IuNhAFYfi7uUleFerFnUkuA\r\nHc7ddGPvr90O3Q4NTz1gKJTf/OYg7oWm0fgxKZhLQfM2SQWdHVCIC6o/0+pb3x73\r\nH9VjBm725jjlEYpE3uMlrezpfjYivRfYAGZZMCRKae5PKNJ1BC5Meodc7pSUz4Jc\r\nxD7bQCQHgXRVkpojg1+cMpZkI2MVJoiEgHVu11zx9/8bc72NpBgTn8Z+Zwb8W6F/\r\nVwIDAQAB\r\n-----END PUBLIC KEY-----\r\n'
      BUGSNAG_API_KEY: ''
    stdin_open: true
    tty: true
    labels:
      io.rancher.container.pull_image: always

~/.prisma/config.yml

  company:
    host: '[cluster_address]'
    clusterSecret: "-----BEGIN RSA PRIVATE KEY-----\r\nMIIEpQIBAAKCAQEAvHcLAyDlACHeZfd4PqQKx4lRkf4jH7XC5WVHNgih8iZUe81g\r\nJk5glGODLrOcsJXymQAc3nNe24Qv5T4La6tUssV7uTELZPEf0dY3SOSG4sK+tgjg\r\n46SMrvSnQ6PC7IuNhAFYfi7uUleFerFnUkuAHc7ddGPvr90O3Q4NTz1gKJTf/OYg\r\n7oWm0fgxKZhLQfM2SQWdHVCIC6o/0+pb3x73H9VjBm725jjlEYpE3uMlrezpfjYi\r\nvRfYAGZZMCRKae5PKNJ1BC5Meodc7pSUz4JcxD7bQCQHgXRVkpojg1+cMpZkI2MV\r\nJoiEgHVu11zx9/8bc72NpBgTn8Z+Zwb8W6F/VwIDAQABAoIBAQCI6YpMeYcjM3eX\r\nZ9Io348dKfriLldh3+94Kr0y2c6cVZAmaCqjaWjsI+bW9JCuECCvWc+fIv0UR9Fr\r\nnkk5rLvZK3IYNTLr3+eXzyFWiP4cmhFluMl3VsEFEKK6lqsyoKbr8PZSpNFpbD+B\r\nxIMk28h03yUuOrOTdOopWN3+ZL4Ie++d85yuJ3AXblxlV8le/dEcKoSOdc5+vg7o\r\nTInoFSazxkmu71cLnBlC19X7c8jmrKoihT/xL1vF+Dk6HoqHzPPm6fbPHVHUGEdR\r\nIQyNE826wxi9RY7WHVoF/lEa4cYzwfnLSpPvig0v/+mGoA3uxyEG4aPH2PEWXXzr\r\njtZ5dIEhAoGBAN1Q38UOEWERmH7m3XM8TbL9AEbzh2UaFldTfaCjwHj2qYSqGser\r\nsG4XUk5Y57cX1PTpDd0+3D56PTR+2e1Lu+5KqQDITcYw6vPeeWOmZi+yWXKeC+ej\r\nZoyDy8d5l55qSQVNuFDBxC9YrQGKXRtksSJM41A4h6fEyzGikBNonnsvAoGBANoA\r\nM2z6Ghk23AOVlrpY86P1AwrFqeFPDIcGbE+Uofsg6u2HLZ7fPGAONFheEz1RzsfR\r\nZN41fEe1/qXNwfd6yrjFp3iuJhkgW57WGNEuGRiXVq8JtTVNTaymMF2wGTi3lCft\r\nrchOteATa2r0GRMuQ79IwaRRT0SuoP3DOqTlZxRZAoGAUjBAiZuJ1LSGH0p5Htxc\r\nNoZCXhb+RwuDFHcLBmcJiWKA3aWWQGSAJsI+bJ4TnykYisMpxOodPI6EwEQDhl5D\r\nsmDDlmjMiTeNaXdLOTiIZlojYa9T2HgUE0a2nKOJLOlnqLKOKl9rDfIufY32ub+R\r\nEJ3hJN95cVJh61Llkm+duz0CgYEAlsLqzaPNJsDcuRHbknXv0OShvPJkALBVXo/f\r\nmc2VlAH41lnU//ksXNWV98LflVmdIm06T743e7RuLiY0zTy7M7tljT0KlffdxOQV\r\nd5xkuK/4v8Z77ifO3uZzrmcZmjLDIDXsKAnfF972O5oiOTSWn5PmbwfYRQxrw/Me\r\n/Gi1t8kCgYEAzzmkGrTj1CTWPdYXvZbt8iJMqiXwXit3Pjtcy9oHzskIliS0XPUD\r\n/2w9KOwhqDvGWZoqt5cGNqlOKBH5mjxBFQtJRAPmXsUxa/yukAgd2diUq98YY7uR\r\nZVcFOTpgU/VJhNfnxbNT6wI/fgs5zdVS4VRfHVrToLBTrOmhnvYnBhI=\r\n-----END RSA PRIVATE KEY-----\r\n"

And I'm getting error:

ERROR: Authentication token is invalid: Token can't bedecoded: Illegal base64 character 5c

@joelseq My problem is that in my company (production environment) I can't manually modify the docker-compose file to use @raeesaa advice to temporarily fix the problem.

[maxdarque]

@mzygmunt @marktani I did some research and reviewed the docker-compose.yml file issues. It looks like this is a known issue and they advise we use docker secrets

INTRODUCING DOCKER SECRETS MANAGEMENT

[divyenduz]

I went about exploring this issue and the underlying issue is that in docker-compose.yml both environment and env_file are not very reliable when passing arguments with multiple lines like the public key in this case.

This is a workaround script (it is well documented) I used to get around this. This solution works with env_file option only.

Here are the steps you need to follow:-

1. Run this script on your .env file and it creates .env.vars and .env.exported
2. Run source .env.exported
3. In docker_compose.yml under the prisma (name of your prisma service) service, add env_file: .env.vars
4. Run docker-compose up -d

To validate, access the cluster server. In case of docker-machine tutorial example run
docker-machine ssh prisma

Then run (note that prisma after exec is the name of prisma service container)
docker exec prisma bash -c 'echo "$CLUSTER_PUBLIC_KEY"'

It should emit a clean properly formatted output like:-

root@prisma:~# docker exec prisma bash -c 'echo "$CLUSTER_PUBLIC_KEY"'
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4mUUL+1l4jTVcetVFm6
GgDCYc/T09dTwpmtvzeMeRUUXe1HjLd3KNkXW9fkBU8bBafxPoeODO/5m3bs63RC
y/cl/6hLuU4x7k7rmHd2qSo/atdoRCgxhDVspBRyE5pIAYzceHu5cixDuOsocIrd
XBWL+RE80hzQB1hZ81rwWg2qPiTCrsuC59ShcaWLJP08sp6TkUuw4OjoARfGx6HJ
ZteaAYTu0yIsV3L0ZBCgwRjWqb4GiFzDGFzBQpxR+bcVbw6fwdWloe5od7FM4P0v
zCSbzG8D0eHZZZkCvMpIaFE6dozs7T/VZBV8YJiK1rMmzmrSkISvi0ZcU8HoV5h9
zwIDAQAB
-----END PUBLIC KEY-----

root@prisma:~#

[idkjs]

@divyenduz thanks for this, sir.

I'm getting

PrisBook:prisma-do-demo$ source .env.exported
PrisBook:prisma-do-demo$ docker-compose up -d
WARNING: The CLUSTER_PUBLIC_KEY variable is not set. Defaulting to a blank string.
prisma-do-demo_prisma-database_1 is up-to-date
prisma-db is up-to-date

Here is the test repo
These are the steps i took as seen in README.md

export token named do-prisma on digitlocean

Run export DO_PRISMA_TOKEN=Example059af5f560570dc21b9a3043dfbc13a41c8349d98dff9

Make sure its there: echo ${DO_PRISMA_TOKEN}

Get regions list:

    curl -X GET "https://api.digitalocean.com/v2/regions" \
        -H "Authorization: Bearer $DO_PRISMA_TOKEN"

Run: docker-machine create --driver digitalocean --digitalocean-access-token 7Example136059af5f560570dc21b9a3043dfbc13a41c8349d98dff9 --digitalocean-size 1gb --digitalocean-region ams3 prisma

Find the running docker-machine container: docker-machine ls and its ip address.
Get the env vars: docker-machine env prisma.
Access that container environment, run: eval $(docker-machine env prisma).
Verify you are in that container environment, run: docker-machine active. Now you have accessed the remote environment for prisma which is on DigitalOcean and all command you run while in that env will run against the remote machine.

Run dockerize-env on .env.

Add env.vars to docker-compose.yml:

  prisma-database:
    image: prismagraphql/prisma:1.7
    env_file: .env.vars
    restart: always

Run source .env.exported.
Run docker-compose up -d.
Enter remote docker container run verification, comes back empty string because I have not set it?

Last login: Fri Apr 27 15:12:28 2018 from 82.255.68.105
root@prisma:~# docker exec prisma-database bash -c 'echo "$CLUSTER_PUBLIC_KEY"'
Error: No such container: prisma-database
root@prisma:~# docker exec prisma-db bash -c 'echo "$CLUSTER_PUBLIC_KEY"'

root@prisma:~# docker exec prisma bash -c 'echo "$CLUSTER_PUBLIC_KEY"'
Error: No such container: prisma
root@prisma:~#
logout

Create cluster entry and then add it to ~/.prisma.config.yml

PrisBook:prisma-do-demo$ sed -e "s/\__DROPLET_IP_ADDRESS__/$(docker-machine ip prisma)/" cluster-template.yml
clusters:
    digital-ocean-cluster:
          host: 'http://206.189.7.98:4466'

In ~/.prisma.config.yml:

clusters:
  digital-ocean-cluster:
    host: 'http://206.189.7.98:4466'
        clusterSecret: mysecret123
  local:
    host: 'http://localhost:4466'

Running prisma init hello-world

What is the endpoint we are to enter here?

If I leave it blank or add http://206.189.7.98:4466 on digital ocean, i get port is already allocated.

Thanks for any guidance.

[divyenduz]

Hi @idkjs

Thanks for reaching out. Can you please do the following:-

1. Use docker-compose.yml from this repository in place of the one from prisma-do-demo repository.

2. Can you please raise a PR in prisma-do-demo repository removing the docker-compose.yml file and documenting use of the repo in step 1? I would have done the same but I am traveling and have no access to my laptop and flaky internet for a few days.

---

@marktani: Feedback, docker-compose in docker-machine tutorial did not work for me as well and yielded the same error, maybe we can replace it with a working version?

Thanks!

[idkjs]

@divyenduz Happy to make the changes once i figure out what is going on. Right now im getting an authentication error i'm working through.

It looks something like this:

$ prismadeploy
Authenticating ✔
Already signed in

ERROR: Not authorized. Please provide a proper 'Authorization' header

{
  "data": {
    "generateClusterToken": null
  },
  "errors": [
    {
      "message": "Not authorized. Pleaseprovide a proper 'Authorization' header",
      "locations": [
        {
          "line": 3,
          "column": 9
        }
      ],
      "path": [
        "generateClusterToken"
      ],
      "code": 403
    }
  ],
  "status": 200
}

[marktani]

I'm closing this issue, as all problems should be resolved since 1.7.

Please create a new issue if you are still running into problems, or create a new topic in the Forum if you have further usage questions.